Presence of a malicious application, such as a virus or malware, that impacts sensitive data.

Credentials or other access control mechanisms that are lost, stolen, or disclosed.

Lost or stolen computing devices that contain sensitive data.

Lost or stolen mobile storage devices that contain sensitive data.

Information Security Data Breach Response Team

TTC Information Security Liaison

Chief of Staff, Student Services

Director, Finance

Associate VP, Human Resources

Registrar, Student Services

Director, Infrastructure Services

Director, IT Customer Service

Director, Enterprise Services

Operations Manager, Enterprise Services

Director, Public Safety

Public Information Director, Marketing

Business Operations Manager, Continuing Education

Assistant VP, Academic Affairs

Internal Auditor, Finance and Administration

TTC Legal Liaison

Information Security Data Breach Notification

TTC employees or third party contractors must complete the data breach alert form to report a data breach. If the form is not available, please email the Data Breach Response Team at databreach@tridenttech.edu. If email is not available, please call TTC’s Information Security Liaison at 843-574-6311 or the IT Helpdesk at 843-574-6801.

What date did the breach occur and what date was the breach discovered?

Briefly describe the scope of the breach (e.g. the number of data records compromised and/or the number of users that are affected).

Data Breach Assessment, Prioritization, and Response (Response Team)TTC’s Information Security Liaison will serve as a Breach Response Team manager and coordinate activities. In the Security Liaison’s absence, the Student Services Chief of Staff will serve as Response Team manager. In the Chief of Staff’s absence, the Academic Affairs Assistant VP will serve as Response Team manager.

The Breach Response Team manager will immediately convene the team to perform the following steps:

Validate the data breach:

Has a data breach occurred in violation of a law or regulation?

Is the status of the data breach active or post breach?

What was the method of data disclosure?

Internal, external, malicious, accidental/unintended?

Does the breach impact system functionality?

To what extent does the breach affect faculty, staff, and students?

What is the anticipated reputational and financial impact to the college?

Assign a high or low priority level to the data breach based on current and future impact.

Notify Cabinet of high priority data breaches.

Cabinet, with guidance from TTC’s Legal Liaison and external Legal Counsel, will determine whether to notify law enforcement based on the nature of the breach and federal, state regulations.

Cabinet will designate a college representative with the authority to share breach information to external parties including law enforcement.